Secure Homegrown AI Agents with CrowdStrike Falcon AIDR and NVIDIA NeMo Guardrails
March 19, 2026
Bruce McCorkendale and Rob Truesdell | Securing AI
The biggest challenge for developers building AI applications is no longer the translation of user intent into action, but rather limiting its scope to stay within stated business goals and prevent abuse. This challenge has moved from theoretical to mission-critical as AI agents transition from experimental projects to mainstream business tools, where a single compromised agent can expose customer data, execute unauthorized transactions, or violate compliance requirements across thousands of interactions.
To defend agents against runtime attacks and reduce the agentic blast radius in the event of compromise, organizations need to define guardrails and a framework that applies those constraints on the do-anything-now capabilities of LLMs. We're excited to announce that CrowdStrike Falcon® AI Detection and Response (AIDR) now supports NVIDIA NeMo Guardrails as of release v0.20.0, delivering enterprise-grade protection that helps organizations confidently move agentic AI applications from development to production.
CrowdStrike Falcon AIDR with NVIDIA NeMo Guardrails
NVIDIA NeMo Guardrails is an open-source library for adding programmable guardrails to LLMs and agentic applications. It includes a suite of NVIDIA Nemotron Safety models for content safety, personally identifiable information (PII), jailbreak detection, and topic control with advanced reasoning capabilities and multilingual and multimodal support. Together, Falcon AIDR and NVIDIA NeMo Guardrails enable developers to manage agentic data access, control how they should respond, and see which tools and data sources they can access to help ensure custom policy compliance and safety controls. Ultimately, this helps organizations move AI agents from experimentation to production with confidence, visibility, and control.
Falcon AIDR blocks prompt injection attacks that could manipulate agent behavior and trigger unauthorized actions, redacts sensitive data to prevent exposure across thousands of automated interactions, defangs malicious content like adversarial domains before agents can execute compromised workflows, and moderates unwanted topics to ensure agents stay within compliance boundaries. With over 75 built-in classification rules and support for custom data classification, Falcon AIDR provides the comprehensive guardrails that production agentic systems demand, protecting AI agents as they autonomously trigger actions and follow complex business processes.
Use Cases
Falcon AIDR with NVIDIA NeMo Guardrails excels in scenarios where homegrown AI agents operate autonomously across sensitive business processes. Below are a few examples of how this could improve security across industries:
Financial services, where agents handling customer inquiries can automatically redact account numbers and SSNs while blocking prompt injection attempts that could manipulate transaction logic.
Healthcare organizations, which deploy clinical documentation assistants that protect protected health information (PHI) across patient interactions while preventing jailbreak attacks that could compromise medical advice accuracy.
Customer service organizations, which deploy autonomous support agents that handle complex, multi-turn troubleshooting workflows. Falcon AIDR helps ensure these agents don't expose customer PII in chat logs, prevents prompt injection that could manipulate refund policies, and blocks competitor mentions while maintaining natural conversation flow across dozens of interaction turns.
Software development teams, which protect AI coding assistants by detecting hardcoded secrets, blocking code injection attempts, and redacting internal repository references before code is committed.
In each scenario, Falcon AIDR's flexible policy framework for NVIDIA NeMo Guardrails enables organizations to balance security with functionality, starting with monitoring mode to understand their threat landscape, then progressively enforcing blocks and redactions as agents move from development to production, all while maintaining up to sub-100ms response times that keep agentic workflows responsive and user experiences seamless.
Configuring Falcon AIDR Policies
Falcon AIDR and its corresponding API enable teams to create named detection policies tailored to their specific security requirements. A policy is a set of enabled detectors configured to detect, block, redact, encrypt, or transform content. Policies serve as AI guardrails applied at critical points in AI agent and application workflows such as chat input sanitization, chat output filtering, RAG data ingestion, and agent tool invocation. Falcon AIDR includes default policies (e.g., for chat input and chat output) that correspond to these common scenarios, and teams can create custom policies that combine detectors with specific action modes for their unique use cases.
The Falcon AIDR API takes the policy name and an OpenAI-compatible messages array containing role-based content (user, system, assistant, tool, function, etc.). The API applies the policy to the appropriate elements of the messages array and returns a recommendation to block or allow, along with possibly transformed elements, such as redacted PII, defanged URLs, or encrypted sensitive data, that the calling application should use in place of the original content (if not blocking the message outright). This flexible response model enables you to start in monitoring mode (report-only) during development, then progressively enforce stricter controls (block, redact, encrypt) as you move to production, ensuring security doesn't slow your development velocity.
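As an added example (not CrowdStrike's or NVIDIA's code), here is how a calling application can consume the block/allow-plus-transformed-content verdict described above in monitor versus enforce mode. The Verdict fields, the redaction token and the sample messages are constructed assumptions for illustration, not the real Falcon AIDR response shape.

```python
# Added example, not CrowdStrike or NVIDIA code. The Verdict fields below are an
# ASSUMED stand-in for the real Falcon AIDR API response; the point is the
# caller-side handling of "block or allow, plus transformed elements".
from dataclasses import dataclass, field
from typing import Dict, List

Message = Dict[str, str]  # OpenAI-style {"role": ..., "content": ...}


@dataclass
class Verdict:
    blocked: bool                                   # policy recommends blocking
    transformed: Dict[int, str] = field(default_factory=dict)  # msg index -> rewritten content
    findings: List[str] = field(default_factory=list)          # detectors that fired


class GuardBlocked(Exception):
    """Raised in enforce mode when the policy recommends blocking."""


def apply_verdict(messages: List[Message], verdict: Verdict, mode: str) -> List[Message]:
    """Return the messages the app should forward to the LLM (or user).

    "monitor": report-only; the caller logs verdict.findings but the original
    content passes through unchanged (the development-time setting).
    "enforce": a block verdict stops the request; otherwise redacted, defanged
    or encrypted elements replace the originals, element by element.
    """
    if mode not in ("monitor", "enforce"):
        raise ValueError(f"unknown mode: {mode}")
    if mode == "monitor":
        return [dict(m) for m in messages]
    if verdict.blocked:
        raise GuardBlocked(", ".join(verdict.findings) or "policy block")
    return [{**m, "content": verdict.transformed.get(i, m["content"])}
            for i, m in enumerate(messages)]


# Constructed sample: a user turn carrying an SSN and a suspicious URL, and the
# verdict a chat-input policy with redact + defang actions might return for it.
SAMPLE_MESSAGES = [
    {"role": "system", "content": "You are a helpful assistant."},
    {"role": "user", "content": "My SSN is 123-45-6789, see http://bad.example/login"},
]
SAMPLE_VERDICT = Verdict(
    blocked=False,
    transformed={1: "My SSN is <US_SSN>, see hxxp://bad[.]example/login"},
    findings=["Confidential and PII", "Malicious Entity"],
)

if __name__ == "__main__":
    for m in apply_verdict(SAMPLE_MESSAGES, SAMPLE_VERDICT, "enforce"):
        print(m["role"], ":", m["content"])
```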
Falcon AIDR Detectors
Falcon AIDR supports the following detectors:
Malicious Prompt: Reports or blocks attempts to manipulate an AI app into violating the constraints of its app-level or model-level intent (prompt injection).
Topic: Reports or blocks content related to restricted or disallowed topics.
Language: Reports, blocks, or explicitly allows a spoken language to enforce language-based security policies.
Code: Reports or blocks attempts to insert executable code into AI interactions.
Malicious Entity: Reports, defangs, or blocks harmful references such as malicious IPs, URLs, and domains.
Confidential and PII: Reports, redacts, encrypts, or blocks PII and other confidential data, such as email addresses, credit card and bank numbers, government-issued IDs, etc.
Secret and Key Entity: Reports, redacts, encrypts, or blocks sensitive credentials like API keys, encryption keys, etc.
Competitors: Reports or blocks mentions of competing brands or entities.
Custom Entity: Allows users to define and detect specific text patterns or sensitive terms that AI Guard will report, redact, encrypt, or block.
Using Falcon AIDR with NeMo Guardrails
NVIDIA NeMo Guardrails allows you to define the flow of an AI application along with "rails" using Colang, an event-driven interaction modeling language that is interpreted by a Python runtime. The NVIDIA NeMo Guardrails GitHub repo has setup instructions for Falcon AIDR support. NVIDIA NeMo Guardrails Colang examples that apply Falcon AIDR as rails can be found in the examples/configs folder:
NeMo-Guardrails
└── examples
    └── configs
        ├── crowdstrike_aidr
        │   ├── config.yml
        │   └── README.md
        └── crowdstrike_aidr_v2
            ├── config.yml
            ├── main.co
            ├── rails.co
            └── README.md
Below are the three files from the crowdstrike_aidr_v2 folder, which together form a minimal Colang 2 NVIDIA NeMo Guardrails example application that uses Falcon AIDR for its input and output rails.
--------------------------------------------
config.yml
colang_version: "2.x"
models:
  - type: main
    engine: openai
    model: gpt-4o-mini
instructions:
  - type: general
    content: |
      You are a helpful assistant.
rails:
  config:
    crowdstrike_aidr:
      timeout: 15.0 # Optional request timeout in seconds. Defaults to 30 seconds.
config.yml tells NVIDIA NeMo Guardrails to:
Use gpt-4o-mini as the LLM for the chat agent.
Use "You are a helpful assistant." as the system prompt.
Optionally configure the request timeout used by the Falcon AIDR guardrail.
--------------------------------------------
main.co
import core
import llm

flow main
  activate llm continuation
main.co defines the main flow of the chat agent, activating the “llm continuation flow” pattern to drive the dialog of the chat app.
--------------------------------------------
rails.co
import guardrails
import nemoguardrails.library.crowdstrike_aidr

flow input rails $input_text
  crowdstrike aidr guard input

flow output rails $output_text
  crowdstrike aidr guard output
rails.co defines the input and output rails so that both apply Falcon AIDR: the input rail guards each user message before it reaches the LLM, and the output rail guards the LLM's response before it is returned.
--------------------------------------------
Get Started with Falcon AIDR
Falcon AIDR, now supported with NVIDIA NeMo Guardrails, enables developers to secure AI agents and workloads by blocking prompt injections, sanitizing inputs/outputs, and redacting sensitive data with 75+ built-in rules and custom classifiers, while also moderating unwanted or inappropriate responses.
This integration delivers a comprehensive framework for building safe, enterprise-ready AI applications with strong threat mitigation across multiple vectors. Check out the details on GitHub.
To discuss the commercial use of Falcon AIDR or schedule a demo, please contact us.